From 5dc692566a9e67cb51c0173b1ac40f1770278a6c Mon Sep 17 00:00:00 2001 From: Richard Soderberg Date: Sat, 5 Sep 2015 00:34:24 -0700 Subject: [PATCH] Refuse to accept both --cafile and --capath. Prior to this commit, the code accepts both the --cafile and the --capath options, as that's how it's always behaved. This patch corrects that, refusing to proceed if the options are provided. Technically, openssl permits the use of both the -CAfile and -CApath options. However, cipherscan itself can only make use of one of the two options, and does not currently support "one or both" scenarios. So this patch ensures that users are not caught unaware when they specify --capath and --cafile and the script refuses to honor the latter. --- cipherscan | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cipherscan b/cipherscan index 9b6f302..429561d 100755 --- a/cipherscan +++ b/cipherscan @@ -1340,6 +1340,11 @@ do esac done +if [[ -n $CAPATH && -n $CACERTS ]]; then + echo "Both directory and file with CA certificates specified" 1>&2 + exit 1 +fi + # echo parameters left: $@ TEMPTARGET=$(sed -e 's/^.* //'<<<"${@}")
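Review bot: The error text in the added `echo` line ("Both directory and file with CA certificates specified") does not name the options that conflict, so a user who passed both flags has to work out which ones the script is rejecting. Consider naming them directly, for example `echo "--cafile and --capath cannot be used together; specify only one" 1>&2`. The diffstat shows that all five inserted lines belong to this check, so the usage/help text is not touched by this patch; a sentence there stating that the two options are mutually exclusive would document the new behaviour. The placement right after the option loop and before `TEMPTARGET` is computed is good, since the script exits before any scanning starts.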